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METHOD AND SYSTEM FOR SHARING DIFFERENT WEB COMPONENTS 
BETWEEN DIFFERENT WEB SITES IN A PORTAL FRAMEWORK 

BACKGROUND OF THE INVENTION 

5 Field of the Invention 

The present invention relates to a method, a system and a computer program 
product for providing a site as a collection of software web objects. More particularly, 
the present invention relates to a method, a system and a computer program product for 
providing a site as a collection of web objects that can be manipulated by a set of users 
10 having assigned privileges defined by permissions associated with each software web 
object in the collection of objects. 

Description of the Prior Art 

Traditionally, web sites have been considered to be all resource files organized 
and accessible from a given domain name associated with a system, such as a server. 

15 Typically, web sites have a common look, feel and navigational structure. Computer 
program code is implemented to provide the common look, feel and navigational 
structure of a web site. Portals have been implemented to provide a gate to access a 
plurality of web objects of a web site for simultaneous viewing on a display. Most 
companies and organizations provide different types of portals for a variety of purposes 

20 these include portals for the general public, intranet portals for their employees, as well 
as extranet portals for their customers, vendors, suppliers, and other parties with whom 
they transact business. 

The complexity and cost of developing, deploying, administering and continually 
enhancing portals, is tremendous. In developing, deploying and maintaining portals, it is 

25 often necessary to implement objects of a web site. Typically, developing, deploying, 
enhancing and maintaining portals, such as implementing web objects of a web site 
provided by a portal, requires the physical selection and transfer of files to systems 
desired to implement web objects of a web site in a portal. Alternatively, the entire web 
site must be archived in a file and transferred to a system in order to implement the web 

30 site. This type of development, deployment, and maintenance of portals is complex, 
costly and prone to error. Additionally, the process requires the manual transfer of code 
and libraries to a system. Lastly, aspects of a web site cannot be made available to an 
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intended group of users for commercial use. Companies and organizations are forced to 
maintain staffs of highly skilled engineers and content developers, or to outsource these 
tasks. Meanwhile, Internet-related technologies are proliferating and maturing, and 
Internet users' expectations continue to increase. Maintaining an effective portal often 
5 competes with and detracts from the resources available for an organization's primary 
goals. 

There is a need for a new method of administrating web objects on a portal 
framework as a collection of software objects. There is a need for a method of 
managing the software object employing a set of users granted privileges associated with 
10 respective objects in the collection of software objects. There is a need for a new method 
of sharing objects of web site with other web sites. There is a need for a new method of 
unsharing objects of a web site from other web sites. There is a need for a new method 
to add shared objects to a web site. 



1 5 SUMMARY OF THE INVENTION 

According to embodiments of the present invention, a method, a system and a 
computer program product for sharing an object in a portal framework are provided. Sites 
defined by a collection of software objects may be managed by a set of users granted 
privileges associated with respective objects in the collection of software objects. The 

20 sharing of objects may be executed by performing share type administrations. Objects 
may be shared directly to a site or may be shared indirectly made available for reuse by a 
site. The objects shared and made available for reuse may be added to the site to which 
they are shared and made available for reuse. References to objects are stored in 
repositories based on privileges associated with at least one of a repository, a site and a 

25 user. Objects made available for reuse by and shared to a site may be made unavailable 
for reuse by, and unshared to, the site through the execution of a share type 
administration. 

A method of sharing an object in a portal framework includes storing a reference 
to the object in a first repository and performing a first operation to store a duplicate 
30 reference to the object in a second repository. The first operation is in accordance with a 
first privilege granted as defined by a permission. References to each child object or 
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some child objects of the object in the second repository may also be stored in the second 
repository. 

In an embodiment of the present invention, the reference to an object is for an 
object of a first site. The performance of a second operation adds the object to a second 
5 site. The method further includes performing a third operation to remove the duplicate 
reference of the object from the second repository and the object from the second site. 

In an embodiment of the present invention, the method includes providing access 
to the duplicate reference of the object in the second repository. Access is provided in 
accordance with a second privilege granted as defined by a permission for the second 
1 0 repository. The method further includes performing a second operation to store a second 
duplicate of the reference to the object in a third repository. The performance of a third 
operation adds the object to a second site. The method further includes performing a 
fourth operation to remove the second duplicate of the reference of the object from the 
second repository and the object from the second site. 

15 A computer program product for sharing an object in a portal framework includes 

a computer readable medium and computer program instructions, recorded on the 
computer readable medium, executable by a processor. The computer program 
instructions perform the steps of storing a reference to the object in a first repository and 
performing a first operation to store a duplicate of the reference to the object in a second 

20 repository. The first operation is in accordance with a first privilege granted as defined 
by a permission. 

A system for sharing an object in a portal framework includes a first repository 
operable to store a reference to the object and a second repository operable to store a 
duplicate of the reference to the object in response to a first operation. The first operation 
25 is in accordance with a first privilege granted as defined by a permission. 



BRIEF DESCRIPTION OF THE DRAWINGS 

The above described features and advantages of the present invention will be 
fully appreciated with reference to the detailed description and appended figures in 
30 which: 
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Fig. 1 depicts a functional block diagram of an embodiment of a framework in 
which the present invention can find application; 

Fig. 2 depicts a functional block diagram of a system depicted in the framework 
of Fig. 1; 

5 Fig. 3a depicts a functional block diagram of a system depicted in the framework 

of Fig 1; 

Fig. 3b depicts a functional block diagram of a system depicted in the framework 
of Fig 1; 

Fig. 4 depicts a functional block diagram of a system depicted in the framework 
10 ofFig. 1; 

Fig. 5a illustrates an exemplary repository framework for storing a collection of 
references to a collection of objects of sites in Framework 100 according to an 
embodiment of the present invention; 

Fig. 5b illustrates exemplary rules governing setting of default values for 
1 5 permissions of objects in sites of framework in Fig. 1 ; 

Fig. 5c is an exemplary diagram explaining the application of the non-site 
administration rule; 

Fig. 6 illustrates an exemplary embodiment of a site hierarchy implemented by 
the present invention; 

20 Fig. 7 depicts an exemplary form for setting primary site values according to an 

embodiment of the present invention; 

Fig. 8 illustrates an exemplary embodiment of object reuse between repositories 
in Framework 500, implemented by the present invention; 

Fig. 9 is an exemplary table illustrating objects and the objects they may 
25 reference and use; 

Fig. 10 is an exemplary embodiment of multi-level navigational horizontal 
configuration; 

Fig. 1 1 is an exemplary embodiment of multi-level navigational horizontal and 
vertical configuration; 
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Fig. 12 is an exemplary diagram illustrating a deployment management 
framework for importing and exporting components of a site for between portals 
employed by Framework 100; 

Fig. 13 depicts an exemplary collection of extensible markup language and the 
5 file assets stored as individual export files; 

Fig. 14 illustrates menu items of menus with link titles for menu items 
definitions; 

Fig. 15 illustrates a segment of a site navigation captured as a menu object; 

Fig. 16a illustrates a table for implementing the combined algorithm; 

10 Fig. 16b illustrates a table for implementing the exclusive algorithm; 

Fig. 17 depicts an exemplary embodiment of a top level locking interface; 

Fig. 1 8 depicts an exemplary embodiment of a front door page of an end user site 
employing menuing structures according to the present invention; 

Fig. 19 depicts the rules determining the operation of the control menu system 
1 5 and a site navigation system according to an embodiment of the present invention; and 

Figs. 20a-20b are exemplary illustrations of consoles according to an embodiment 
of the present invention. 



DETAILED DESCRIPTION OF THE INVENTION 

20 The present invention is now described fully hereinafter with reference to the 

accompanying drawings showing embodiments of the present invention. The present 
invention, however, may be embodied in many different forms and should not be 
construed as limited to embodiments set forth herein. Appropriately, these embodiments 
are provided so that this disclosure will be thorough and complete, and will fully convey 

25 the scope of the present invention. 

OVERALL FRAMEWORK 

Fig. 1 depicts a functional block diagram of a framework in which the present 
invention can find application. In the embodiment of Fig. 1, Framework 100 may be 
implemented to provide for the administration of sites on Framework 100 as a collection 
30 of software objects that may be managed by a set of users granted privileges associated 
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with respective objects in the collection of software objects. Framework 100 may employ 
and maintain portals to provide gateways for access to objects of a site. Framework 100 
may be implemented to perform administration such as importing and exporting 
components of a site between portals on Framework 100, sharing objects between sites 
5 on Framework 100 and granting privileges associated with objects to users of Framework 
100. 

A console may be employed to perform administration on a site of Framework 
100. A console may be a graphical user interface of an administration site provided to an 
administrator to perform administration on objects in Framework 100. For example, a 

10 server console is a graphical user interface of a server administration site operable to 
perform administration on all objects in Framework 100. Alternatively, a site console is 
a graphical user interface of an administration site provided to an administrator to 
perform administration on objects of one or more sites. Access to a given site console of 
an administration site may be governed by privileges defined by permissions, such as 

15 "can access site administrator context" permission for the site. Likewise, access to a 
given server console for an administration site be governed by privileges defined by 
permissions, such as "can access system administrator context" permission for the 
administration site. Access to an administration site may be provided by employing a 
link that appears to a user upon authentication of the user. A user with privileges to both 

20 a site console and server console may switch between consoles. 

A site is considered, for the purposes of the present invention, to be a collection 
of software objects given a single identity. The single identity may be characterized by a 
shared look-and-feel, a shared set of navigation links, and members of a group who are 
automatically granted privileges to perform administration on at least some of the 
25 software objects in the collection as well as elements of the site. The collection of 
software objects in a site includes non-file assets such as users, groups, modules, module 
types, pages, menus, themes, structures, styles and templates. Detailed descriptions of 
each software object in the collection are provided in U.S. Patent 6,327,628 herein 
incorporated by reference. 

30 Elements of a site include, but are not limited to, logon permissions, 

administrative permissions, site branding, site content and site navigation. Components 
of a site include file assets and non-file assets. File assets include resources such as code 
including JSP pages, ASP pages, Java classes and or object oriented programming 
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language classes, and images including GIF files, etc. stored as a file on a file system and 
implemented to provide a site. Non-file assets include, but are not limited to, instantiated 
programming language objects stored in a database, such as described above (as opposed 
to static class files), and in addition to permissions, user preferences and settings. 

5 A software object may represent an actor within an overall system design. Such 

actors may correspond to real-world concepts, or may exist purely to support the overall 
design. Software objects encapsulate the data and logical processes of the actor. This 
encapsulation makes software objects easy to use, because the user of a software object 
need not know how the software object performs its processes. Software objects are also 
10 extensible, where other software objects can be built on top of existing software objects, 
allowing the new software object to expand the concept of the old software object 
without having to rewrite the functionality of the old software object. These properties 
of software objects make object-oriented systems flexible and extensible. 

An object model, such as an XML object model representation of web sites, 
15 includes a collection of software objects that work together in documented relationships. 
Framework 100 employs an object-oriented system built on such an object model. Each 
software object in Framework 100 is implemented employing a set of classes that define 
the behavior and characteristics of the software object when instantiated. 

In an embodiment of the present invention, logon permissions define the ability 
20 of a user to access a respective site. Administrative permissions define the ability of a 
user to perform administration on a respective site. Site branding defines the look-and- 
feel of a respective site. Site content includes objects in a collection of software objects 
available within a respective site. Site navigation defines the mechanism for moving 
between different areas of a site. Users may have privileges with respect to objects and 
25 elements in order to perform administration on the objects and elements of a site on 
framework 100. 

In the Fig. 1 embodiment of the present invention, framework 100 includes 
systems 102, systems 106, systems 108 and network 104. Framework 100 may transmit 
using network 104, any combination of voice, video and/or data between devices. One 
30 having ordinary skill in the art would recognize that Framework 100 is highly scaleable 
where any number of systems 102, systems 106 and systems 108 may be implemented to 
perform the functions of the present invention. 
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Each system 102 couples to systems 110 employing network 104. Systems 102 
may be any apparatus from which, and to which, any combination of voice video and/or 
data may be transmitted over a network 104, such as the Internet, Intranet or an extranet. 
Systems 102 may be used to provide for the administration of sites on framework 100 as 
5 a collection of software objects that can be manipulated by a set of users having assigned 
privileges defined by permissions associated with each software object in the collection 
of software objects, share objects between sites and automatically grant privileges 
associated with objects to users. 

Each system 110 couples to a system 106 employing suitable communication 
10 means. Each system 110 may be any apparatus from which, and to which, any 
combination of voice video and/or data may be transmitted over a network 104, such as 
the Internet or an extranet. In a preferred embodiment of the present invention, the 
system 110 is a web server. System 110 manages web page requests from system 102 
and delivers HTML documents (Web pages) in response to the requests from system 
15 106. 

Each system 110 couples to a system 106 employing suitable communication 
means. Each system 106 may be any apparatus from which, and to which, any 
combination of voice video and/or data may be transmitted over a network 104, such as 
the Internet or an extranet. In a preferred embodiment of the present invention, the 

20 system 106 is an application server. A set of systems 106 may be operable to implement 
the functions of the present invention. The presentation of web site and administration of 
sites objects are implemented by system 106 employing software services that are 
provided by software and suitable class libraries that connect to other systems as needed. 
System 106 may provide processing between system 102 and system 108, such as 

25 delivery of information as well as processing information for users of system 102. 
Processing by system 106 may be performed by Java servlets, JavaServer Pages (JSPs), 
Enterprise JavaBeans (EJBs), Active Server Pages (ASPs) and ActiveX controls. The 
system 110 and system 106 can be one in the same computer system or separate 
computer system. 

30 Each system 108 couples to a system 106 employing suitable communication 

means. Each system 108 may be any apparatus that executes program instruction in 
accordance with the present invention to store data and provide software object 
persistence via a suitable database interface. In addition, system 108 may directly transfer 
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information to system 1 10 or through system 106 in response to a request for information 
as well as transfer information to user system 102 in response to a request made to 
system 1 10 by user system 102 over network 104. 

Network 104 may be a local area network, a wide area network, the Internet, an 
5 extranet, a wireless network, or the like. The network 104 may transfer information 
between system 102 and system 106, system 108 and system 110. The information 
transferred may include any combination of voice, video and/or data. Network 104 can 
be implemented as a wireless network or a wired network. 

User groups of Framework 100 include, but are not limited to, an everyone group, 
10 user group, new user group, site administration group, shared group, Normal Groups, 
Guest Group, Registered Users Group, and Self Registered Users Groups. Groups define 
the characteristics of user members based on privileges granted to the groups to perform 
administration. The privileges granted to users and groups are defined by values 
assigned to permissions settings based on, in part, an occurrence of a type of 
15 administration in Framework 100. The values assigned to permissions may be set 
automatically as the result of a type of administration or operation by a type of 
administration operation. 

An everyone group may be a virtual system group. It may contain every user in 
Framework 100, including guests. The everyone group is a special conceptual group 

20 which allows batch permissions to be set for all groups implemented as a flag that lives 
on every permission which short-circuits the group-based permissions lookup. The Site 
Administration group may be automatically created for a site whenever a user creates the 
site. A site administration group may contain users granted privileges to perform 
administration on the site. Site administration groups may be stored in a special table in 

25 a system, such as system 108. 

A User group may include users granted privileges to perform administration on 
an object of a site. A shared group may include members of a group available for sharing 
by a site. Members of the share group may access a site when granted privileges to 
access the site. A guest group may be a virtual group of users who are not registered 
30 with a site in a site context, or with any site in a system context. The members of the 
guest group may be granted privileges with respects to a site. Access to a site by 
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members of the guest group may require the site to allow access by guest users. A new 
user group may be a new user assigned to a newly created site. 

Registered users group may be a virtual group of users who are accessing a site in 
a site context, or a site in a system context, in accordance with privileges granted to 
5 access the site. The members of the registered user group may be granted privileges with 
respect to a site. Access to the site by members of a registered user group may require 
the site to allow access by guest users. A self registered users group may be a virtual 
group of users who are accessing a site in a site context, or a site in a system context, in 
accordance with privileges granted by the site. The members of the registered user group 
10 may be granted privileges with respects to a site. Access to the site by members of a 
registered user group may require the site to allow self-registration by users. Normal 
group may be a group created by an administrator and given privileges as defined by the 
administrator for that group. 

Framework 100 users include administrators, delegated administrators and end- 
15 users. Administrators include server administrators and site administrators. Server 
administrators are installation-level users who may have privileges over all aspects of an 
installation. Server administrator may have privileges over all objects in Framework 100 
in accordance with permission settings. Server administrators may have privileges over 
objects of a site in accordance with privileges granted to the server administrator by 
20 membership within groups on Framework 100. Privileges granted server administrators 
may include administration of objects on a system and objects on sites. Administration 
may include, but is not limited to, deploying a site, locking down elements, creating sites 
anywhere in Framework 100, granting and revoking privileges to users for performing 
administration, configuring privileges for sites, logging on to end-user sites, mapping 
25 created sites to URL, modifying systems properties, site branding and sharing objects 
between sites. Administration by a server administrator may be performed in a system 
context from a server console accessible in accordance with privileges granted the server 
administrator and in a site context from a site console accessible in accordance with 
privileges granted the server administrator. 

30 Site administrators may have privileges over at least some objects in Framework 

100 in accordance with permission settings. Site administrators may have privileges over 
objects in a site in accordance with privileges granted the site administrators by 
membership in a site administration group. Privileges granted to site administrators may 
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include administration of objects on a site. Privileges may be granted by configuring the 
permissions of a child site by a site administrator of a parent site to the child site, or 
directly by a server administrator employing a server console. Alternatively, site 
administrators may be granted privileges by configuring permissions for a site by a 
5 server administrator employing a server console. Privileges granted to a site 
administrator may include, but is not limited to, deploying sites, creating sub-sites of a 
site, accessing objects on Framework 100 for sites and sub-sites, managing the look, feel, 
membership and navigational structure of sites and sub-sites, modifying branding of sites 
and sub-sites, sharing objects with sites, overriding default site settings, previewing sites 
10 and performing user searches. A site administrator exists as long as the respective site 
there is a site administrator for exists. 

Delegated administrators include delegated server administrators and delegated 
site administrators. Delegated Server Administrators may be granted privileges over at 
least some of the object in framework 100 in accordance with permission settings. 

15 Delegated Server administrators may be granted at least some of the privileges of a 
server administrator over objects by a server administrator. Administration by a 
delegated server administrator may be performed in a system context from a server 
console accessible in accordance with privileges granted the server administrator and in a 
site context from a site console accessible in accordance with privileges granted by the 

20 server administrator. 

Delegated site administrators may be granted at least some of the privileges over 
at least some of the objects in Framework 100 in accordance with permission settings. 
Delegated site administrators may be granted at least some of the privileges of a site 
administrator over objects by the site administrator. Administration by a delegated site 
25 administrator may be performed in a site context from a site console accessible in 
accordance with privileges granted by the site administrator. 

End-users include guest users and registered users. Guest users may be users not 
registered with a site, such as users without a password or login Id. A guest user may 
access sites allowing access by guest users. Registered users include users who have 
30 performed registration in order to receive a login Id and password for a site allowing self- 
registration by users. Registered user may access sites they are registered with as well as 
other sites allowing self-registration by users. 
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Permissions that may be configured by setting permission values to grant 
privileges include system permissions, site permissions, end-user permissions and object 
permissions. Permissions values may be set automatically, in response to the occurrence 
of a type of administration, and explicitly, by a type of administration. Systems 
5 permissions are granted in a system context. Systems permissions values may be set for 
a system to grant at least some privileges of a server administrator over the system to 
delegated server administrator. Privileges granted to delegated server administrators by 
setting systems permissions values may be performed by the delegated server 
administrator from a server console. System permissions includes can create ungrouped 
10 users permissions and can edit/delete ungrouped users permissions. 

Site permissions are granted to site administrator in a site context. Site 
permissions may be set for a site to grant privileges to site administrators over the site. 
The site administrator may then delegate their privileges to groups within a respective 
site associated with the site administrator from the site console for the site. Privileges 
1 5 granted to a site administrator, by setting site permissions for a site, may be performed by 
the site administrator from the site console for the site. Site permissions include can add 
to site and can share to site. 

Component (object) administration permissions are granted to administrators in a 
system context. In an embodiment of the present invention, object administrative 

20 permissions may be set for an object to grant privileges to a delegated administrator, such 
as a delegated site administrator, over the object from a server console and a site console. 
Privileges granted to delegated administrators by setting objects administrative 
permissions from the server console may be performed from a server console and any 
site console by the delegated administrators. Privileges granted to delegated 

25 administrators by setting objects administrative permissions from the site console may be 
performed from a server console and a site console of a site by the delegated 
administrator. 

End User Permissions may define tasks performable by end-users. End user 
permissions values may be configured by administrators, such as server and site. End 
30 User permissions values configured in the site context apply to a site. End User 
permissions values set in the system context for objects apply to all sites that employ the 
object. End user permissions include module enabled, module editable, module 
minimizable and menu enabled. End user permission may define tasks performable by 
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groups. An end user permission for a group set from the system context applies to the 
group in all sites in the system. For example, a site will have no control over user access 
to a module with module enabled permission for the everyone group set. 

Fig. 2 is a block diagram illustration of end user systems 102. The end user 
5 systems 102 may include CPU 202, connected by a bus or other suitable interface means 
to system memory 208. The user system 102 can also include input/output device 
interface, and display interface 204. Input/output device interface 204 enables 
interaction with and execution of instruction by user system 102 as directed by a user. 
Display interface can display information generated for output by user system 102 as 
10 provided by system 106. As shown, the various components of the user system 102 
communicate through bus 218 or similar architecture. Accordingly, systems memory 
208 is disposed in communication with CPU 202 through bus 21 8. Systems memory 208 
includes Browser Program 212, operating system 214 and data 216. 

Operating system 214 provides overall system functionality. Browser program 
15 212 implements computer program instructions executed by CPU 202. The browser 
program 212 enables the information transmitted from system 106 to be conveyed to a 
user in a manner that can be understood by a user of user system 102. The browser 
program 212 serves as a front end to the World Wide Web on the Internet. The browser 
program 212 may be used to display interfaces, such as consoles to perform 
20 administration on sites of framework 1 00 over network 1 04. 

Fig. 3a is an exemplary block diagram of system 110 illustrated in Fig. 1, in 
which the present invention may be implemented. System 110 manages web page 
requests from system 102 and delivers HTML documents (Web pages) in response to the 
requests from system 106. System 110 includes a processor (CPU) 326 connected by a 
25 bus 340 to memory 332, network interface 320 and I/O circuitry 324. 

In the Fig. 3a embodiment, CPU 326 is a microprocessor, such as an INTEL 
PENTIUM® or AMD® processor, but may be any processor that executes program 
instructions in order to carry out the functions of the present invention. As shown, CPU 
326 and the various other components of the system 110 communicate through a system 
30 bus 340 or similar architecture. Network interface 320 provides an interface between 
system 110 and a network 104, such as the Internet. The network 104 may be a local 
area network (LAN), a wide area network (WAN), or combinations thereof. I/O circuitry 
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304 provides an interface for the input of structured information to and output of 
structured information from system 110. I/O circuitry 304 includes input devices, such 
as trackball, mice, touchpads and keyboards, and output devices, such as printers and 
monitors. 

5 In the Fig. 3a embodiment, memory 332 stores operating system 338, web server 

software 336 and data 334. Operating system 338 provides overall system functionality. 
Data 334 may be any structured data required by system 110. Web server software 336 
performs the functions for managing the delivery of web pages. 

Fig. 3b is an exemplary block diagram of system 106 illustrated in Fig. 1, in 
10 which the present invention may be implemented. System 106 performs the functions 
for administration of sites on framework 100 as a collection of software objects that can 
be manipulated by a set of users having assigned privileges. System 106 includes a 
processor (CPU) 302 connected by a bus 318 to memory 308, network interface 310 and 
I/O circuitry 304. 

15 In the Fig. 3b embodiment, CPU 302 is a microprocessor, such as an INTEL 

PENTIUM® or AMD® processor, but may be any processor that executes program 
instructions in order to carry out the functions of the present invention. As shown, CPU 
302 and the various other components of the system 106 communicate through a system 
bus 318 or similar architecture. Network interface 310 provides an interface between 

20 system 106 and a network 104, such as the Internet. The network 104 may be a local 
area network (LAN), a wide area network (WAN), or combinations thereof. I/O circuitry 
304 provides an interface for the input of structured information to and output of 
structured information from system 106. I/O circuitry 304 includes input devices, such 
as trackball, mice, touchpads and keyboards, and output devices, such as printers and 

25 monitors. 

In the Fig. 3b embodiment, memory 308 stores site administration software 314, 
operating system 316, data 312, application server software 320 and java virtual machine 
322. Operating system 316 provides overall system functionality. Data 312 may be any 
structured data required by system 106, such as asset files and non-asset files. Site 
30 administration software 314 includes modular applications that run within sites. 
Administration software 314 provides the functionality for providing and managing of 
sites on framework 100 as a collection of web objects that can be manipulated by a set of 
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users having assigned privileges defined by permissions associated with each object in 
the collection of objects. The java virtual machine 322 converts the Java intermediate 
language (bytecode) into machine language and executes it. Application server software 
322 performs the functions for processing between system 102 and system 108 

5 Fig. 4 is an exemplary block diagram of system 108 illustrated in Fig. 1, in which 

the present invention may be implemented. System 108 may be a database management 
system that includes data for retrieval by system 106 and employed by Framework 100 to 
perform the functions associated with the present invention. In the Fig. 4 embodiment, 
system 108 is a general purpose computer, such as a workstation, personal computer, 
10 server or the like, but may be any apparatus that executes program instruction in 
accordance with the present invention. System 108 includes a processor (CPU) 402 
connected by a bus 418 to memory 408, network interface 410 and I/O circuitry 404. 

In the Fig. 4 embodiment, CPU 402 is a microprocessor, such as an INTEL 
PENTIUM® or AMD® processor, but may be any processor that executes program 

15 instructions in order to carry out the functions of the present invention. As shown, CPU 
402 and the various other components of the server 108 communicate through a system 
bus 418 or similar architecture. Network interface 410 provides an interface between 
system 108 and a network 104, such as the Internet. The network 104 may be a local 
area network (LAN), a wide area network (WAN), or combinations thereof. I/O circuitry 

20 provides an interface for the input of structured information to and output of structured 
information from system 108. I/O circuitry 404 includes input devices, such as trackball, 
mice, touchpads and keyboards, and output devices, such as printers and monitors. 

In the FIG. 4 embodiment, memory 408 stores data 416, such a file asset and non- 
file assets employed by Framework 100. Memory 408 includes routines, such as database 
25 management routines 412, and operating system 414. Memory 408 includes memory 
devices, such as read only memory (ROM), random access memory (RAM) hard disks, 
CD-ROMs, floppy disks, optical storage devices, magnetic storage devices, etc. 

REPOSITORY FRAMEWORK 

Fig. 5a illustrates an exemplary repository framework for storing a collection of 
30 references associated with a collection of objects in Framework 100 for sites according to 
an embodiment of the present invention. In the Fig. 5 a embodiment of the present 
invention, the repository framework 500 may be implement to perform a sharing type of 
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administration. A sharing type of administration makes an object in Framework 100 
available for reuse by a site, directly or indirectly, by storing duplicates to a reference to 
the object in one or more repository. In the Fig. 5 embodiment, repository framework 
500 includes site repositories 506, a system repository 508 and a shared repository 510. 
5 A combination of at least two repositories in framework 500 may be employed to 
perform a sharing type of administration. A reference to an object in Framework 100 
may be stored in any number of repositories in repository framework 500 or in no 
repositories at all. 

In the Fig. 5a embodiment of the present invention, a site repository 506 stores a 
10 collection of references to a collection of objects for a site. The collection of objects may 
be stored in a system, such as 108. Each site in Framework 100 has an associated site 
repository. References to objects may be stored in a site repository based on privileges 
granted with respect to the site associated with the site repository. For example, a site 
desiring to perform a share type administration must have privileges over the site where a 
1 5 reference to an object is to be stored. 

A site repository provides partitioning of referenced objects in Framework 100 
based on sites and constrains viewing of referenced objects stored in a site repository to a 
set of users, such as site administrators. This type partitioning provides a security model 
that facilitates the creation of unique sites. Storage of duplicate references to objects in a 
20 site repository 506 makes the object available for reuse by a site associated with the site 
repository 506. For example, a site A will be able to use objects in a repository for site 
A and a site B will be able to use objects in a repository for site B. Each object available 
for reuse in a site repository may be provided with permissions to define privileges for 
the object. 

25 A site administrator for a site may be automatically granted privileges over 

objects referenced in a site repository for the site. In the Fig. 5a embodiment of the 
present invention, the set of privileges includes viewing and modifying the references to 
objects in the site repository 500 for a site. Modification of objects referenced in a site 
repository 500 for a site may include adding and removing the references to objects in 

30 the collection of software objects stored in the site repository. 

In the Fig. 5a embodiment of the present invention, the reference to objects stored 
in a site repository 506 may include references to groups. Each reference to a group may 
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allow for access to individual users in the group. Each group may be granted privileges 
to create, edit and delete ungrouped users. An Ungrouped user is a user not yet assigned 
to group. The ungrouped user may or may not have privileges associated with other 
groups. System permissions, such as can create ungrouped users and can edit/delete 
5 ungrouped users, define groups privileges to create, edit and delete ungrouped users. The 
storage of references to groups in a site repository makes the groups and the respective 
users in the group available for functions done in the context of the site for the site 
repository. In an embodiment of the present invention, users may not be shared between 
site repositories. 

10 In the Fig. 5a embodiment of the present invention, a system repository 508 is a 

view of a collection references to objects on Framework 100. The references to objects 
provided in a view of a system repository 508 is based on privileges granted to a user to 
access objects in Framework 100. The reference to objects provided in the view may be 
further based on system repository privileges, such as can see system repository 

1 5 privileges and can see system administration context privileges, granted to the user with 
respect to accessing the system repository. The values of permissions, such as can see 
system repository and can see system administration context, define the system 
repository privileges. 

In the Fig. 5a embodiment of the present invention, a shared repository 510 stores 
20 a collection of references to a collection of objects on Framework 100 that are available 
for reuse by sites on Framework 100. Each site in Framework 100 has a section in a 
shared repository 510 as illustrated in Fig 5b and discussed further herein below. The 
storage of references to objects in a shared repository may require designation of the 
section of the shared repository for a site. The references to objects stored in a section of 
25 shared repository for a site are the objects available for reuse by the site. An object may 
be referenced in a share repository a number of times, such as once in a section for each 
site, on Framework 100 in the shared repository. For example, module B is stored once 
in a site A section, a site B section, and an All Sites section of a shared repository. In the 
Fig. 5a embodiment of the present invention, references to objects will be stored in a 
30 shared repository as read-only by default in both a site context and system wide context. 
Site Administrators of a site may be granted privileges to modify the read-only status of 
references to objects in a section of a shared repository for the site. 
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In an embodiment of the present invention, references to objects may be stored in 
a section of a shared repository for a particular site by users having visibility privileges 
for the site and can share into shared repository privileges for the system. These 
privileges may be granted by setting appropriate permissions values for the user. In 
5 order to share objects to an All Sites section of a shared repository can share to all sites 
privileges may be required by users sharing the objects. All sites privileges may be 
granted to users by setting all sites system permissions for the users. 

References to objects stored in a shared repository may be viewed by a set of 
users. In an embodiment of the present invention, references to objects stored in a shared 

10 repository may be viewed by a set of users in a site context and a system context. 
References to objects viewed from a site context and system context may be references to 
objects in a section of a shared repository for the site. A set of users having can see 
shared repository privileges for a particular site may view the reference to objects in the 
section of a shared repository for the site. The set of users may be granted these 

15 privileges by setting can see shared repository permissions for the set of users. In an 
embodiment of the present invention, references to objects viewed from a system 
context. References to objects viewed from a system context may be references to 
objects in a shared repository. A set of users having system wide can see shared 
repository privileges may view objects in a section of a shared repository for the site. 

20 These privileges may be granted to the set of users by setting system wide can see shared 
repository permissions. 

In an embodiment of the present invention, an unsharing type of administration 
removes an object in Framework 100 from a site by removing a reference to the object. 
An object may be removed from a site by removing the reference to the object from a 
25 repository. This type of unsharing applies to the site that the objects were intended to be 
shared with by the user. For example, if an object was shared to a site B by a site A and 
shared by site B to a site C, unsharing by site A only affects site B and not site C. In 
order for the object to be unshared to site C, site B will have to unshare the object. 
Objects may be unshared with all sites by deleting the objects from the Framework 100. 

30 AUTOMATIC PERMISSIONING FRAMEWORK 

Permissions to define privileges associated with objects may be set with default 
values in Framework 100. Default values automatically grant privileges with respects to 



18 



WO 03/025796 



PCT/US02/28226 



objects. Fig. 5b illustrates exemplary rules governing setting of default values for 
permissions of objects. In an embodiment of the present invention, the rules governing 
setting of default values for permissions of objects apply all the time. They are not 
mutually exclusive. The default values may be overridden after creation in a site context 
5 or system context. Automatic permissions prevent objects from being orphaned the 
moment they are created, provide creators of objects access rights to the objects, allow a 
peer group of a set of users to also have access rights over the object, allow a set of users 
to perform administration on that object other than the creator and reduces administration 
duties. 

1 0 Privileges may be granted automatically to users and groups in Framework 100 in 

order to perform various types of administration. The automatic grant of privileges is 
governed by rules implemented by Framework 100. In an embodiment of the present 
invention, the rules implemented by Framework 100 define values automatically 
assigned to permission values based on, in part, an occurrence of a type of administration 

15 in Framework 100. The values automatically assigned to permission can be overridden at 
the site level provided a set of users have the privileges to modify the system properties 
in a site context. 

The rules governing the automatic privileges include object type create, site 
transfer, site administration group, non-site administration group and delegated 

20 administration. In the embodiment of the present invention, the object type create rule 
pertains to the creation of a new object on systems level and applies to users having 
system level permission to create that particular type of object. In an embodiment of the 
present invention, the object type create rule pertains to the creation of a new object on a 
site level and applies to users having permission in a site to create that particular type of 

25 object. 

The site transfer rule defines the transfer of objects to a site repository. In an 
embodiment of the present invention, the site transfer rule precludes the storing of 
references to objects to a site repository by users without "can add to this site" 
permission for a site associated with the site repository. In an embodiment of the present 
30 invention, the site transfer rule precludes sharing objects to a site repository by users 
without "can share to site" permission for the site associated with the site repository. 
Sharing objects may include performing a share type administration to store a reference 
to an object in a respective repository. In an embodiment of the present invention, the 



19 



WO 03/025796 



PCT/LS02/28226 



site transfer rule precludes sharing objects to a system repository by users without site- 
level "can share to server" permission. 

The site administration rule defines permission value settings for object to specify 
the scope of administrative privileges automatically provided to an administration group. 
5 In an embodiment of the present invention, a site administrator group is granted full 
administrative privileges over objects created for a site. This rule enables a user assigned 
to the administration group for a site to maintain strict control over the site as well as 
prevents the creation of objects by users other than users assigned to the administration 
group which may be then left the responsibility of the users in the administration group. 

10 The non-site administration rule defines the scope of administration privileges 

provided to a group as a result of object creation. A user may be included in a set of 
groups with can create privileges. In an embodiment of the present invention, a non-site 
administration group is granted full administrative privileges over objects created by a 
user in the non-site administration group and granted can create privileges by the non-site 

15 administration group. In an embodiment of the present invention, a non-site 
administration group is selected to be granted full administrative privileges over objects 
created by a user in groups which include the non-site administration group and granted 
can create privileges by the non-site administration group. 

Fig. 5c is an exemplary diagram explaining the application of the non-site 
20 administration rule. The non-site administration rule applies when a user having can 
create privileges creates an object in a site. In an embodiment of the present invention, a 
user having can create privileges due to membership in a single group will result in the 
single group having full privileges over objects created by the users. In an embodiment 
of the present invention, a user having can create privileges due to membership in more 
25 than one group will result in one of the groups having full privileges over objects created 
by the user. The group having full privileges is selected by the user. In an embodiment 
of the present invention, a user having can create privileges due to membership in more 
than one group, including a site administration group, will result in the site 
administration group and another one of the group having full privileges over objects 
30 created by the user. The group other than the site administration group having full 
privilege is selected by the user. 
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In the embodiment of Fig. 5c, column 510 is a list of groups having "can create z" 
permission for a site Y. Each cell in columns 512-520 specifies the groups that users 1- 
user 5 have membership. In the examples shown in Fig. 5c, User 1 is a member of the 
site Y Administrator Group. The site Y Administrator Group is automatically given full 
5 administrator permission over Z without prompting user 1 to select the group. User 2 is a 
member of both Group A and the site Y Administration Group. Group A is selected to 
grant full administration privileges over Z with prompting to user 2. The site Y 
Administration Group is automatically granted full administrative privileges over Z 
without prompting user 2. User 3 is the similar to User 2 except that the user may select 
10 more than one group to grant full administration privileges over Z. User 4 is similar to 
User 1 in that the site administrator group is automatically granted full administrative 
privileges over Z without prompting user 4, while Group A is selected to grant full 
administrative privileges over Z with prompting to user 4. User 5 is similar to User 3 
except that the user is prompted to select 1 or more groups. 

15 The delegated administration rule requires that an object created by a delegated 

administrator in a system context designates at lease one group having can create 
privileges for the object to receive full administrative permission over the object. 

FRAMEWORK ADMINISTRATION 

Administration of sites maybe implemented by site administration software 314. 

20 Administration may include, but is not limited to, deploying a site, locking down 
elements, creating sites anywhere in Framework 100, granting and revoking privileges to 
users for performing administration, configuring privileges for sites, mapping created 
sites to URL, modifying systems properties, site branding, sharing objects between sites 
and deploying components between portals. The administration of sites may be 

25 performed in a site context and a system context. Administrative users and delegated 
administrative users having both administrative visible privileges for a site and can 
access site administration context privileges for the site may perform administration in a 
site context. The Administrative users and delegated administrative users may be granted 
these privileges through the setting of administrative visible permissions for a site and 

30 can access administration context permissions for the site. 

Administrative users and delegated administrative users having both can see 
system repository privileges and can access system-wide administration context 
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privileges may perform administration in a system-wide context. The Administrative 
users and delegated administrative users may be granted these privileges through the 
setting of can see system repository permissions and can access system administration 
context permissions. The Administrative users and delegated administrative users may 
5 perform administration on all objects in Framework 100 based on privileges 
automatically granted, such as server administrators, or by delegation, such as delegated 
administrators. Administration may be performed on a site context to system properties 
having default values. 

The creating site administration type may include creating sites. Sites may be 
10 created on Framework 100 in a bulk automated fashion and a manually piece by piece 
fashion. The number of sites that may be created is unlimited. Additionally, sites may be 
created where sites are organized in a tree structure forming a site hierarchy. Created 
sites may be viewed and maintained by users granted privilege to view and/or maintain 
created sites. Privileges may be granted to users automatically or by delegation. 

15 Sites may be created on Framework 100 in a bulk automated fashion and a 

manual piece by piece fashion. Bulk site-creation may be performed by employing an 
XML-based Sites Installation Utility. Bulk site-creation may be performed at an initial 
installation of the present invention or at a special post-installation of the present 
invention. Installation of the present invention may be performed without restarting 

20 systems of Framework 100 based on the types of elements, such as new module types 
and users contained within added sites. Software installer and individual module 
installers enable the addition and update of sites without restarting the software instance. 
This bulk mechanism shall work across clustered installations. 

Manual Site creation may be performed by a set of users as defined by privilege 
25 granted automatically or specifically delegated by a user with privileges to delegate such 
privilege. The set of users may include a user, such as a server administrator, a set of 
users assigned site creation privileges by the user, and a set of users assigned site creation 
privileges by the set of users assigned site creation privileges. 

The number of sites that may be created is unlimited. In an embodiment of the 
30 present invention, the number of sites that may be created is predetermined to a 
maximum number of N sites. The maximum number of sites created versus the number 
of remaining sites that may be created is available to a user, such as a server 
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administrator. In an embodiment of the present invention, the creation of a maximum 
number sites precludes the creation of additional sites beyond the maximum number. 
This may disable the availability of create site functionality. 

Each site may include selectable options to control accessibility to a site. The 
5 selectable option includes a site enabled, site preview, a remember me and re- 
authentication. These options may be selected by administrators, such as site and server. 
The site enabled option may control the publishing of a site and the visibility of the site 
by end-users. The site enabled options overrides standard permissions on the site for 
viewing the site. Site administrators for a site may view the site despite the setting of the 

10 site enabled option. The site preview option may be selectable from the administration 
console. An administrator of multiple sites may preview each of the sites in a system 
context employing an administration site. Previewing a site includes an administrator 
selecting the identity of a user to define a perspective from which to preview a site. In 
an embodiment of the present invention, the administrator has edit/delete permission 

15 over the user whose identity is selected. The re-authentication (re-login) option for a site 
requires a user who has already logged to another site in Framework 100 to login to the 
site that requires re-authentication. Once a user has logged into a site with the re- 
authentication option selected, the user will be authenticated for the duration of the 
session with the site. In an embodiment of the present invention, a user should remain 

20 authenticated against all sites in the system that the user was previously authenticated. 
The Remember Me option allows users ids to be stored on their computer. 

The ability of a user to perform administration may be defined by create site 
privileges granted to the user. In an embodiment of the present invention, the created site 
privileges may be granted by setting requisite permissions for the user. Create site 

25 privileges may be granted automatically and by delegation. For example, create site 
privileges may be granted automatically to the user, such as server administrator and a 
member of a site administration group, upon the occurrence of an event, such as 
installation of the present invention and creation of a site. Alternatively, create site 
privileges may be granted by delegation to the user, such as delegated administrators and 

30 end-users, upon the assignment of create site privilege by a user having create site 
privileges. Sets of users automatically granted create site privileges facilitate the 
maintenance of sites. Site administrators exist for as long as the site for which they have 
create site privileges exists. For example, a site administration group is created upon the 
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creation ol a site and automatically receives create site privileges to create a site as well 
as immediate control over the sites functionality, look-and-feel, navigational format, and 
user membership. This group and the members assigned to this group may exist for as 
long as the site that their create site privilege is based upon exists. 

5 Sites created in Framework 100 may be organized in a tree structure to form a site 

hierarchy. A site hierarchy is a group of sites that have a hierarchical administrative 
organization. Administrators of a site may perform administration on a sub-site of the 
site including granting create site privileges to users to create sub-sites to the site and can 
share to site privileges to users to allow sharing objects to the site. Privileges granted by 

1 0 a site administrator to users of sub-sites may be revoked by the site administrator. This 
type of site creation provides a permissioning hierarchy. Fig. 6 illustrates an exemplary 
embodiment of a site hierarchy, implemented by the present invention. In the Fig. 6 
embodiment of the present invention, Site A (602a) and site B (602b) are parent sites 
(top-level site). These top-level sites were created by a set of users (604), such as server 

15 administrators, automatically granted create site privileges upon an event, such as 
installation of the present invention. Upon creation of the top level site 602, a set of 
users 606a and 606b, such as members of a site administrator group, were defined to 
maintain the top level sites 602 respectively, were granted create site privileges to create 
sub-sites to the top-level sites 602 and can add /can share to site privileges to service 

20 objects with sites, such as by storing a reference to an object in the site's repository 
directly or indirectly. In the Fig. 6 embodiment of the present invention, create site 
privileges may not be granted by delegation to the set of users 606 or other sets of users 
based on create site privilege of a top-level site 602 by users 604 or 606. 

Each of the users in the set of users 606a may create a set of sub-sites, such as site 
25 C (608a) and site D (608b), of site 602a. Likewise, each of the users in the set of users 
606b may create a set of sub-sites, such as site E (608c), of site 602b. Upon creation of 
sub-sites 608, a set of users 610a, 610b and 610c, such as site administrators, were 
defined to maintain sub-sites 608 respectively as well as automatically granted create site 
privileges to create sub-sites to sub-sites 608. In the Fig. 6 embodiment of the present 
30 invention, create site privileges may be granted by delegation to sets of users (not shown) 
based on create site privilege of sub-sites 608 by users, such as 610, having create site 
privileges for sub-sites 608. 
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Each of the users in the set of users 610 may create a set of sub-site, such as site F 
(612), of site 608a. Upon creation of sub-site 612, a set of users 614, such as site 
administrators, were defined to maintain sub-site 612 as well as automatically granted 
create site privileges to create sub-sites to sub-site 612. In the Fig. 6 embodiment of the 
5 present invention, create site privileges may be granted by delegation to sets of users (not 
shown) based on create site privilege of sub-site 612 by users, such as 614, having create 
site privileges for sub-sites 612. 

The set of users, such as server administrators, may perform modifying systems 
properties type administration on properties including system module display categories, 
10 default branding/theme, default module palette set for new sites and default security 
settings. Default security setting include allow self-registration, email replacement 
passwords, allow guest users, force re-authentication and allow per-user branding 
overrides. Default value settings are values that one or more permission of all new sites 
will be given automatically. 

15 The set of users, such as server administrators, may also perform modifying 

systems properties type administration on properties and objects including administrative 
site branding, dialog pages, error pages and tool modules. Administrative site branding 
includes setting the theme and structure of a site as well as enabling child site to override 
administrative site branding. 

20 The mapping created sites to URL type administration may be performed on sites 

created in Framework 100. A site mapping to a URL type administration is an 
association of a particular site with a valid hostname for a server/computer. In an 
embodiment of the present invention, site to URL mappings will be specified in the 
system administration context by, a set of user for a site, such as server administrator. 

25 Each site in the system can have a set of URL mappings. For example, a URL can only 
be mapped to one site. 

Site to URL mappings specified in a system administration context may be 
overridden by modifying primary site values. In an embodiment of the present invention, 
primary site values are modified employing an administration site for a set of users, such 
30 as end-users. The administration site may be provided as a form for setting primary site 
values. Fig. 7 depicts an exemplary form for setting primary site values according to an 
embodiment of the present invention. The form 700 may include a site column 702 and a 
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primary site column 704. The site column 702 lists sites in Framework 100 accessible 
(enabled) to a set of users for whom primary site settings are being set, and "visible" for 
an administrative set of users, such as site administrators. Primary site column 704 
indicates a site designated as a primary site from the list of sites in the site column 702. 
5 The designation of a primary site is optional and may be forgone by designating None. 

A server administrator may optionally select a site as a default site for framework 
100. In an embodiment of the present invention, a default site is provided whenever a 
requested URL or IP address is not mapped to a site in Framework 100. A server 
administrator may optionally select wildcard DNS behavior for sites. The wildcard DNS 
10 option disables site to URL mappings to make new sites in the system automatically 
addressable as http://sitename.domainname. The domain name, such as "epicentric.com", 
will be shared by all sites when the wildcard DNS option is selected. 

An object of a site may be shared (reused between sites) and made available for 
reuse by another site directly or indirectly. Fig. 8 illustrates an exemplary embodiment 

15 of object sharing (reuse) between sites employing Framework 500, implemented by the 
present invention. In the Fig. 8 embodiment of the present invention, various methods 
are depicted for sharing an object of site A 802 to site B 804 and site C 814 under 
system and site administrative contexts. Permissions for sharing an object within a site 
may be set from within a site context and system context. Permissions set from a site 

20 context will generate a system group in the source group column for any new 
permissions added to a Permissions Granted table. 

An object may be directly shared with a site in a site context. In an embodiment 
of the present invention, a reference to an object of site A 802 is stored in the site 
repository for site A. The object of site A may be shared directly with site B 804 through 

25 the execution of a share type administration. The share type administration may include 
storing, in the site B repository, a duplicate of the reference to the object. The execution 
of a share type administration may require that the site performing the type 
administration have can share privileges with respects to the site where the object is 
being shared. This privilege may be granted by setting a can share to site B permission 

30 for site A 804. Users of site A, such as site Administrators for site A, may be precluded 
from viewing the site B repository. Users of site A, such as site Administrators for site A, 
may be notified of objects shared as well as allowed to discontinue use of shared objects. 
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The object shared may be added to site B through tne execution ot a snare type 
administration. 

An object may be indirectly shared with a site in a site context. In an 
embodiment of the present invention, a reference to an object of site A 802 is stored in 
5 the site repository for site A. The object of site A 802 may be made available for reuse 
by site B 804, through the execution of a type administration. The type administration 
may include storing, in the section of the shared repository for site B, a duplicate of the 
reference to the object. The object made available for reuse by site B may be shared with 
site B by executing another share type administration. This share type administration 

10 may include storing in the site B repository, a second duplicate of the reference to the 
object site A. The execution of a share type administration may require that the site 
performing the share operation have can share privileges for the shared repository. The 
user performing the share type administration to share the object to the site may have can 
add privileges with respect to the site where the object is being shared. These privileges 

1 5 may be granted by setting a can share to site B permission for site A 802. Users of site 
A, such as site Administrators for site A, may be precluded from viewing the site B 
repository. Users of site A, such as site Administrators for site A, may be notified of 
objects shared as well as allowed to discontinue the availability of objects for reuse that 
they transferred. The object shared may be added to site B through the execution of a 

20 share type administration. 

In an embodiment of the present invention, a reference to an object of site A 802 
is stored in the site repository for site A. The object of site A 702 may be shared 
indirectly or made available for reuse by site B 804, through the execution of a share type 
administration. The share type administration may include storing, in a system 

25 repository, a reference to the object of site A. The object made available for reuse by site 
B may be shared with site B by executing another share type administration. This share 
type administration may include storing in the site B repository, a second duplicate of the 
reference to the object for the object of site A. The execution of a share type 
administration may require that the site performing the share type administration have 

30 can share to system privileges with respects to the system repository. The user 
performing the share type administration to add the object to the site may have can see 
shared privileges with respects to the site where the object is being added. This privilege 
may be granted by setting a can share to site B permission for site A 804. Users of site 
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A, such as site Administrators for site A, may be precluded from viewing the site B 
section of the shared repository. Users of site A, such as site Administrators for site A, 
may be notified of objects shared as well as allowed to discontinue the availability of 
objects for reuse that they transferred. The object shared may be added to site B through 
5 the execution of a share type administration. 

An object shared to a first site may be further directly shared to another site by 
the first site. In an embodiment of the present invention, a duplicate reference to an 
object of site A 802 is stored in the site repository for site B. The object whose duplicate 
reference is stored in the site B repository of site B may be shared directly with site C 

10 814 through the execution of a share type administration. The share type administration 
may include storing, in the site C repository 816, another duplicate of the reference to the 
object. The execution of a share type administration may require that the site performing 
the type administration have can share privileges with respects to the site where the 
object is being shared. This privilege may be granted by setting a can share to site C 

15 permission for site B. Users of site B and site A, such as site Administrators for site A 
and site B, may be precluded from viewing the site C repository 816. Users of site A and 
site B, such as site Administrators for site A and site B, may be notified of objects shared 
as well as allowed to discontinue use of shared objects. The object shared may be added 
to site C 814 through the execution of a share type administration. 

20 An object share to a first site may be further indirectly shared with another site by 

the first site in a site context. In an embodiment of the present invention, a duplicate 
reference to an object of site A 802 is stored in the site repository for site B. The object 
of site A 802, whose duplicate reference is stored in the site repository of site B, may be 
made available for reuse by site C 814, through the execution of a type administration. 

25 The type administration may include storing, in the section of the shared repository for 
site C 814, a duplicate of the reference to the object. The object made available for reuse 
by site C may be shared with site C by executing another share type administration. This 
share type administration may include storing in the site C repository, a second duplicate 
of the reference to the object site A. The execution of a share type administration may 

30 require that the site performing the share operation have can share privileges for the 
shared repository. The user performing the share type administration to share the object 
to the site may have can add privileges with respect to the site where the object is being 
shared. These privileges may be granted by setting a can share to site C permission for 
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site B 804. Users of site A and site B, such as site Administrators for site A and site B, 
may be precluded from viewing the site B repository. Users of site A and site B, such as 
site Administrators for site A and site B, may be notified of objects shared as well as 
allowed to discontinue the availability of objects for reuse that they transferred. The 
5 object shared may be added to site C through the execution of a share type 
administration. 

In an embodiment of the present invention, an object of site A 802, whose 
duplicate reference is stored in the site repository for site B, may be shared indirectly or 
made available for reuse by site C 814, through the execution of a share type 

10 administration. The share type administration may include storing, in a system 
repository, a duplicate reference to the object of site A. The object made available for 
reuse by site C may be shared with site C by executing another share type administration. 
This share type administration may include storing in the site C repository, a second 
duplicate of the reference to the object for the object of site A. The execution of a share 

15 type administration may require that the site performing the share type administration 
have can share to system privileges with respects to the system repository. The user 
performing the share type administration to add the object to the site may have can see 
shared privileges with respects to the site where the object is being added. This privilege 
may be granted by setting a can share to site C permission for site B 804. Users of site A 

20 and site B, may be precluded from viewing the site C section of the shared repository. 
Users of site A and site B may be notified of objects shared as well as allowed to 
discontinue the availability of objects for reuse that they transferred. The object shared 
may be added to site C through the execution of a share type administration. 

Once a reference to an object has been stored to either the site repository of a site 
25 or the section of the shared repository of a site, a user of the site having can share 
privileges for another site may make available for reuse or share any one of the objects to 
the other site. This chain of reuse may be performed by any user granted can share 
privileges and having a shared object associated with a site in which they administer. In 
an embodiment of the present invention, objects in a chain of transfer will remain read- 
30 only. 

An object shared or made available to a site may be made unavailable and 
unshared from the site. In an embodiment of the present invention, an object shared or 
made available to a site may be unshared and made unavailable for reuse, respectively, 
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through the execution of a share type administration. The share type administration may 
include removing a reference to the object from a repository. The repository may be a 
repository of the site, a share repository and a systems repository. For example, site A 
may discontinue the availability of objects transferred to site B for reuse by site A. The 
5 availability of objects for reuse by a site and sharing of objects may be discontinued 
despite the can add privileges of a site. For example, availability of an object is 
discontinued by executing a share type administration to remove a reference to an object 
from a section of a shared repository for a site, even when the reference to the object has 
been stored in the site repository for the site. The adding of objects to a site, making of 
10 objects available for reuse by a site, sharing of objects, making of objects unavailable and 
unsharing of objects has no effect on administrative privileges granted to users and 
groups for the objects. 

In an embodiment of the present invention, objects shared, made available for 
reuse, added to a site, made unavailable for reuse and unshared may include compound 

15 objects. Compound objects, for the purposes of the present invention, are objects that 
include child objects that are structured in a hierarchy. Compound objects include sites, 
menus, and pages. A site compound object includes, but is not limited to, a site, menus, 
pages and modules. For example, a site includes menus, the menus include pages and the 
pages include modules. A menu compound object includes, but is not limited to, a menu, 

20 pages and modules. A page compound object includes, but is not limited to, a page and 
modules. 

In an embodiment of the present invention, menus, pages and modules are the 
compound objects that may be shared recursively. Recursive sharing includes storing a 
reference to each child object of a compound object when a reference to the compound 

25 object is stored in a repository. For example, sharing a page including three modules to a 
site includes storing a reference to the page in the repository for the site as well as 
references to each of the three modules. In an embodiment of the present invention, 
compound objects may be shared and made available for reuse without each child object 
of the compound object when a reference to the compound object is stored to a 

30 repository. For example, sharing a page including three modules to a site, but only 
sharing the page with two modules, includes storing a reference to the page in the 
repository for the site as well as references to two modules. 
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In an embodiment of the present invention, child objects whose reference are not 
stored with their respective compound object will not appear with the compound object 
when the compound object is added to the site. For example, a menu shared with some 
of the pages that the menu points to, but not all of them, will appear with broken links on 
5 the menu when the menu is added to the site. Child objects not shared may be obtained 
for addition to the site in another manner. For example, the broken links of the menu may 
be customized by obtaining the non-shared pages elsewhere on Framework 100 or 
different pages in accordance with edit privileges that are granted over the menu. In an 
embodiment of the present invention, sharing a compound object with a site, making a 
10 compound object available for reuse by a site and adding a compound object for use by a 
site includes determining whether the compound object is in a site repository for a site 
and determining whether the user has end-user enabled permission on the compound 
object. 

A compound object made available for reuse by a site, shared to a site, and added 
15 to a site may be made unavailable and unshared from the site. In an embodiment of the 
present invention, a compound object shared or made available to a site may be unshared 
and made unavailable for reuse, respectively, through the execution of a share type 
administration. The share type administration may include removing a reference to the 
compound object as well as references to all child objects from a repository. For 
20 example, a page with three modules made unavailable for reuse includes removing 
reference to the page and the reference to the three modules from the repository. In an 
embodiment of the present invention, the removal of references to objects from a 
repository of objects added to a site removes the objects from the site. Child objects not 
shared, but obtained elsewhere, will remain available for sharing. 

25 User groups may be shared between sites. In an embodiment of the present 

invention, user group objects shared with a site are shared as read-only. The site that the 
user group object are shared with will not be able to add users to, or delete users from, 
this group. Permission for this group will not be modifiable. A set of users for the site 
may be granted privileges to modify the permissions for the group. 

30 An object that references and uses other objects may be made available for reuse 

by a site, shared to a site and added to a site. The object may be made available, shared 
and added to a site through the execution of a share type administration. The share type 
administration may be a simple share and a compound share. Fig. 9 is an exemplary 
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table illustrating objects and the objects they may reference and use. In a simple share 
type administration, a reference to the object that references other objects is stored in a 
repository. In a compound share type administration references to the object that 
references other objects and reference to the other objects are stored in a repository. 

5 Permissions can be inherited via group hierarchy, shares can also be inherited via 

group hierarchy. This doesn't mean that shared objects will appear in multiple 
repositories according to hierarchy. It means that a site administrator who is higher up in 
the hierarchy than two other site administrator groups will be able to see and manipulate 
not only his/her own shares, but his/her child group's shares. 

10 Sites may be configured to have a specific look-and-feel. The look-and-feel of a 

site is referred to, for purposes of the present invention, as the branding for the site. 
Objects in a site that may have branding include pages of a site and navigational 
elements of a site. Branding may include a theme and a structure. A theme may be a 
collection of styles on a page of a site. Branding for a site may be determined, in part, by 

15 associating a theme with the site. Each style in the collection of styles may pertain to a 
particular template (element). A set of styles, one for each of the element, may be 
grouped together to form a single theme. A server administrator may specify the 
branding for a site, including an administration site. 

In an embodiment of the present invention, a theme is a permissionable and 
20 sharable object in a site. Each theme may include a system set of colors and fonts when 
first created. System color and font settings are displayed in the system context. Sever 
administrators can add additional color and font settings to themes. The additional color 
and font settings may be overridden for each theme on framework 100. End users may 
override font and color settings with their own settings on sites that apply a font/color 
25 option. A font/color option for a site may enable end users to override system font and 
color setting with their own fonts and colors for that particular site. 

In an embodiment of the present invention, a style is a JSP code fragment that 
controls the way a particular element is displayed. Any number of different styles may be 
used to display an element. Styles may be provided as style objects in administrative 
30 sites. In an embodiment of the present invention, style objects are permissionable objects 
that can be shared between sites. Elements include, but are not limited to, a chrome, a 
footer, a header, navigation (site controls) and tabs (navigation). The chrome includes 
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elements that surround the actual content of a module, tor example, a module title, as 
well as, edit, minimize, and delete buttons are all part of the module chrome. The header 
includes content that typically appears at the top of a page. The site controls include 
buttons, links, or other elements for navigating to web pages that support other site 
5 features (such as user personalization pages). Site controls may be available in both 
horizontal and vertical configurations. Navigation includes navigational elements for 
switching between front-door pages of a site. Navigation may be available in both 
horizontal and vertical configurations. 

In an embodiment of the present invention, a structure may be the layout of 
10 elements on a page of a site. A structure may be a JSP code segment that defines the 
arrangement (look and feel) of elements on a particular page. A structure may contain 
hard-coded custom look-and-feel logic (HTML and/or JSP). In an embodiment of the 
present invention, structures are permissionable objects that can be shared across 
between sites. 

15 The types of branding employable by a site includes a site default branding, an 

installation default branding and a guest branding. Guest branding includes a theme and 
structure that may be provided to a guest user by a site allowing access to 
unauthenticated (not logged in) users. A guest user module set may be employed for each 
page in order to specify modules available to the guest users. Each guest user module set 

20 may be provided on an administrator site for a site. An administrator may modify a guest 
user module set for a page that the administrator has can edit/delete privileges defined by 
can edit/delete permission for the page. 

Default branding includes a theme and structure automatically specified for a site 
when the site is created. Default branding may be employed in a site allowing access by 

25 UN-authenticated users where guest branding is not specified. The default branding for a 
site may be overridden by a site administrator of the site. Overriding default branding 
may be performed by specifying a new theme and a new structure for the site. 
Overriding of default branding includes brand for menu items on a site. A higher level 
chrome branding may be overridden by specifying a chrome within a site as the new 

30 chrome for the site. Installation default branding includes a theme and structure specified 
for a site without default site branding. 
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The branding of navigational elements for a page of a site may include a 
structure. In an embodiment of the present invention, the structure of navigational 
elements includes one set of navigation elements, two sets of navigational elements, and 
grouping of different navigation levels into two sets. Site navigation elements may 
5 include any number of navigation levels. Figs. 10-11 are exemplary embodiments of 
multi-level navigational configurations. In the Fig. 10 embodiment of the present 
invention, a three level navigational menu 1000 is depicted with level- 1 1002, level-2 
1004 and level-3 1006 each configured horizontally. In the Fig. 11 embodiment of the 
present invention, a three level navigational menu 1 100 is depicted with level- 1 1 102 and 
10 level-2 1 1 04 each configured horizontally and level-3 vertically 1 106. 

The structure component of a branding may contain two distinct navigation 
elements. One of the two distinct navigation elements may render one set of menus on a 
page and the second of the two navigation elements may render a second set of menus on 
a page, as will be discussed in detail herein below. The structure component determines 
15 the set of menus rendered by a navigation element. A site administrator may specify the 
menu levels to be rendered by a plurality of navigational elements in a site having a 
plurality of menu levels. 

For example, in circumstances involving two navigation elements, a site 
administrator may specify the first and second menu levels to render employing a first 

20 navigation element and the third level through the fifth level to render employing a 
second navigation element. The first navigation element will render menu levels 1-2 and 
the second navigation element will render menu levels 3-5. Alternatively, a site 
administrator may specify the menu levels to render employing a navigational element in 
a site having a plurality of menu levels. For example, in circumstances involving one 

25 navigation element, a site administrator may specify the second menu level to render 
employing by the navigational element, when a first menu level is grouped in a first 
subset and the remaining levels are grouped in a second subset. The navigational 
element will render the second menu level and the remaining levels in the second subset. 

Branding may be included on an administration site. The branding on an 
30 administration site may be specified in a system context of an administration site. Server 
administrators may set the branding for the administration site. There may be an "allow 
referring sites to override admin site branding" option, which is a system-wide setting 
that controls whether or not the administration site's look-and-feel will change based on 
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a referring site's look-and-feel. The sub-section of the system admin site that controls 
these branding settings must ALWAYS be accessible in the event that the admin site's 
branding fails for some reason. (The "Diag" sub-section should also always be 
accessible, regardless of potential branding deployment problems.) 

5 Fig. 12 is an exemplary diagram illustrating deployment management for 

importing and exporting components of a site between portals employed by framework 
100. Deployment management may be implemented by a deployment management API 
1202 within software 314. Deployment management may include importing and 
exporting components of a site. Components of a site may include assets of objects in 
10 association with the site, such as modules as well as elements that define the look, feel 
and navigation. Assets of an object include non-file assets and file assets. 

A component may be exported through a deployment type administration. 
Deployment type administration to export a component may include designating a 
component for export employing a graphical user interface. An administration site may 

15 provide the graphical user interface. In an embodiment of the present invention, multiple 
components may be simultaneously designated for export including, but not limited to, 
components corresponding to an entire site. Components may be exported between 
systems over a network 1204 employing techniques to transfer files, such as FTP. In an 
embodiment of the present invention, components may be exported between systems by 

20 transfer to a computer readable medium. 

Deployment management API may employ a set of subsystems 1206 for a site. 
Each of the subsystems is configured to manage a type of component associated with the 
site. In the Fig 12 embodiment of the present invention, the set of subsystems for a site 
includes a site subsystem, a module subsystem, a template subsystem and a style 
25 subsystem. Deployment management API may query subsystems to identify components. 
A subsystem may identify components for which the subsystem is configured to manage. 
For example, module subsystem may be queried to identify modules that have been 
associated with the particular site. 

Each subsystem may collect assets, such as file assets and non-file assets, of each 
30 component they identified. In an embodiment of the present invention, the non-file assets 
may be constructed as an extensible markup language fragment, such as an XML 
fragment, having a predetermined structure. The extensible markup language fragment 
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may contain the descriptor ID of identified components and the ID of the subsystem that 
identified the component, hi an embodiment of the present invention, each subsystem 
collects the extensible markup language and the file assets for the components they 
identified. In an embodiment of the present invention, the extensible markup language 

5 and file assets collected by each subsystem are grouped together. 

The extensible markup language and the file assets collected by a subsystem may 
be stored as an individual file. Fig. 13 depicts an exemplary collection of extensible 
markup language 1302 and the file 1304 assets stored as individual export files. The 
individual export files may be component archive (CAR) files 1306. In the Fig. 12 

10 embodiment of the present invention, CAR files may include a page CAR file, a module 
CAR file and a menu CAR file. Individual CAR files may be collected and stored as a 
group export file. In an embodiment of the present invention, the group export file 
(TRUCK) 1308 is a file ready for transport in a zip format. Export files may be 
transmitted over a network to a remote system employing a file transfer protocol, such as 

15 FTP. In an embodiment of the present invention, export files may be transferred 
employing a computer readable medium. 

Export files may be imported by a remote system. The export files may be 
imported through a deployment type administration. Deployment type administration 
may include designating an export file employing a graphical user interface provided by 

20 an administrative site. The export file may be any one of a CAR file or a TRUCK file. 
In an embodiment of the present invention, designation of a TRUCK file generates the 
extraction of each CAR file in a TRUCK file. Extensible markup language for each 
CAR file may be examined to determine descriptor IDs included within the extensible 
markup language. Based on the descriptor IDs, components may be identified. The 

25 components may be extracted to the appropriate location in a file system of the portal. 
The XML fragment is then parsed and the objects contained therein are instantiated in the 
database or other relevant location. 

Navigation within a site may be hierarchical where a navigable item contains a 
navigable item. Navigable items include a page, a site, a uniform resource locator, a 
30 navigation level and a JSP include file. Navigation within a site may be an arbitrary 
hierarchical ordering of menu items that are arranged into distinct levels. A site 
navigation for a site may grow or shrink arbitrarily. The growth and shrinkage of a site 
navigation is dependent on the construction of the site navigation by an administrator, 
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such as site or server. For example, an administrator may construct a site navigation with 
2 items but may modify the site navigation to 3 items. In an embodiment of the present 
invention, each menu item is a navigable link to any one of the navigable items. 

A navigable link may be associated with a title. In an embodiment of the present 
5 invention, each menu item is associated with one link and title despite the location of the 
menu item. A site navigation definition may be associated with each menu item. Fig. 14 
illustrates menu items of menus with link titles for menu items definitions. In the Fig. 14 
embodiment of the present invention, menu items 1402 may link the user to the 
navigable item as specified by navigation definitions 1404. The menu item types 

10 include, but are not limited to, link-out type menu items and contained type menu items. 
In an embodiment of the present invention, a link-out menu item is one in which the link 
that is specified causes a redirect out of a particular site. For example, menu items that 
refer to URLs or other sites are link-out menu items. In an embodiment of the present 
invention, a contained menu item is one in which the link that is specified navigates to a 

15 page within the site. For example, a menu item containing a link to a page or a JSP 
include file is a contained menu item. Contained menu items cause a page within a site 
to be displayed. So contained menu items are the only kind of menu items that can be 
branded. 

Site navigation may be edited through an edit navigation type administration. A 
20 site administrator having can edit site navigation privileges for the site employing the site 
navigation may perform the edit navigation type administration. The site administrator 
may be granted the privilege by having the can edit site navigation permissions set. 
Segments of a site navigation may be captured as a menu object. A menu object is a 
permissionable and sharable object. Fig. 15 illustrates a segment of a site navigation 
25 captured as a menu object. In the embodiment of Fig. 15 of the present invention, a 
segment 1502 of site navigation 1500 is selected. The selected segment may be saved as 
a menu object. 

Returning briefly to Fig. 14. The segment of site navigation may be selected 
employing radial button 1406. Selection of a radial button selects the menu item and 
30 sub-menu items for the menu item as the segment. The menu object may be shared, 
made available and added to other sites in the system in order to recreate the segment of 
the site navigation on the other sites as a menu of part of a menu. In an embodiment of 
the present invention, pages referenced by a menu object shared to a site are also shared 
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to the site. Modification to a site navigation employing the menu object may not effect 
the segment of the site navigation from which the menu object originated. 

As a permissionable object a menu object may be enabled or disabled based on 
privileges granted a group viewing the site employing the menu object. In an 
5 embodiment of the present invention, menu items are modified based on the privileges 
granted to the group to which a user is a member. In an embodiment of the present 
invention, a menu item contained within a menu provides permissioning in a site context. 
Permissions for a menu item may include can edit per-site visibility and can edit settings. 
Visible permission over a menu may grant a site administrator privileges to use that 
10 menu in a site navigation. Edit/delete permission may grant an administrator privileges 
to arbitrarily edit or delete the menu. Can Edit Per-Site Branding permission is a per-site 
privilege that may allow an admin to override the per-site branding on menu items 
contained in the menu. 

The algorithm employed to render menus of a site may be selected through a 
15 menu presentation type administration. The algorithms to render a menu include a 
combined and an exclusive. In an embodiment of the present invention, the default mode 
for rendering menus employs the combined algorithm. A site administrator having 
privilege to edit menu presentation mode for a site may perform the selection of the 
algorithm employed by the site. Fig. 16a illustrates a table for implementing the 
20 combined algorithm. In the Fig. 16a embodiment of the present invention, the combined 
algorithm provides a user access to menus based on the privileges granted to the user due 
to membership in groups. In the embodiment of Fig. 16a, table 1600a includes menu 
items 1602a-1602e and groups including an everyone group 1604, a sales group 1606, a 
marketing group 1608 and an engineering group 1610 for a site. Application of the 
25 Combined algorithm to a user having membership in the sales group 1606 and a 
marketing group 1608 provides the user with access to Menu Items 1602a-1602c and 
1602d. As a result of all users in framework 100 being members of the everyone group, 
the user is provided access to menu items 1602a- 1602b. 

Fig. 16b illustrates a table for implementing the exclusive algorithm. Fig. 16b is 
30 best understood when viewed in combination with Fig. 16a. In the Fig. 16b embodiment 
of the present invention, the exclusive algorithm provides a user access to menus based 
on a priority level assigned to groups by a site administrator. In the embodiment of 16b, 
table 1600b includes groups 1606-1610 that have been assigned priority levels, where the 
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menu item for the engineering group 1610 has priority over menu items for both 
marketing group 1608 and sales group 1606 and marketing group 1608 has priority over 
sales group 1606. Application of the exclusive algorithm to a user having membership in 
the engineering group 1610 and the sales group 1606 provides the user with access to 
5 menu items 1602a- 1602b and 1602d illustrated in Fig. 16a. In an embodiment of the 
present invention, menu items enabled for the everyone group are provided to all users 
for access and the menu item for the group having the highest priority to which the users 
is a member is also provided. 

A site navigation for a site may use any number of menus. The site administrator 
10 of a site employing menus in its site navigation can select one of the menus as a top level 
locking menu. Fig. 17 depicts an exemplary embodiment of a top level locking interface. 
In the Fig. 17 embodiment of the present invention, the top level locking interface 
includes drop down menu 1702 and radial buttons 1704. Drop down menu 1702 may 
provide an administrator with menus of a site. Radial button may provide an 
15 administrator with the ability to specify where the menu selected by drop down menu 
1702 may be locked. A Menu may be locked to the beginning, the end as well as the end 
and beginning of the top level for a site navigation. Locking at both the beginning and 
the end of the top level means that the first level of navigation will be comprised solely 
of this menu. 

20 Fig. 18 depicts an exemplary embodiment of a front door page of an end user site 

employing menuing structures according to the present invention. In the Fig. 18 
embodiment of the present invention, front door page 1800 employs a control menu 
system 1802 and site navigation menu system 1808. Control menus system include, but 
are not limited to, site controls 1804 and page controls 1806. Site controls 1804 may be 

25 rendered by a site controls style. Site controls 1 804 may include links to pages, such as 
Front Door and My Account. Page controls 1806 may be rendered by a page controls 
style. Page controls 1 806 may include links to pages, such as add and move, and any 
other page-aware end-user pages except the front door. Site navigation 1808 may be 
rendered by one or more site navigation styles. Site navigation 1808 styles may include 

30 navigation links to Pages and JSP pages including files. The state of any particular page 
can be defined at any time by parameters including a selected control menu tab and a 
selected navigation menu item. The selected control menu tab defines which control 
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menu tab is selected. The selected navigation menu item defines which site navigation 
menu item is selected. 

Fig. 19 depicts the rules determining the operation of the control menu system 
and a site navigation system according to an embodiment of the present invention. Tn the 
5 embodiment of Fig. 19, the page controls menu is rendered if the selected navigation 
menu item refers to the content type page. The page content of a page may be 
determined by the selected control menu tab. In an embodiment of the present invention, 
the Page Content of the page is determined by the Selected Navigation Menu Item when 
the selected control menu tab has a link type front door. The branding of a page may be 

10 determined by the Selected Navigation Menu Item. In an embodiment of the present 
invention, selection of a menu item from the Page Control menu followed by selection of 
a menu item from the Site Navigation Menu not linked to a Page object automatically 
selects the Front Door link on the Site Control Menu. The content associated with a 
Menu Item is displayed in the Page Content area based on the menu item selected on the 

15 site navigation menu. 

An object of a site may be locked down to prevent modification of the object. The 
object may be locked down through the execution of a share type administration. In an 
embodiment of the present invention, users having privilege to lock down objects include 
a server administrator and a delegate administrator. For example, the site administrator 
20 is able to lock down the number and order of pages in the site and most of the modules 
for each page except the first. The Site Administrators for the site, who are employees of 
another company, are able to change the site's branding and create several new modules 
from building blocks to go on the first page, but not the remaining pages. 

End users may navigate through a site employing a site navigation tree. In an 
25 embodiment of the present invention, end user will see items on the navigation tree they 
have been allowed to see. The end user may navigate to the given page from a 
navigation tree. In an embodiment of the present invention, the end user will see the 
module instances they have been granted privileges to see once the end user has reached 
a page. The privileges granted to an end user may be based on permission associated 
30 with each module instance and menu item for the site. The permissions may include a 
system level permission and an access permission for the site. In an embodiment of the 
present invention, only one of these has to be true for the end user to see the instance or 
item. 
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Figs. 20a-20b are exemplary illustrations of consoles according to an embodiment 
of the present invention. In the Fig. 20a embodiment of the present invention, a server 
console 2002 is depicted. The server console may be employed by a server administrator 
to perform administration on a systems context as discussed above. In the Fig. 20b 
5 embodiment of the present invention, a site console 2004 is depicted. The site console 
may be employed by a server administrator to perform administration on a site context as 
discussed above. The site console includes 

While specific embodiments of the present invention have been illustrated and 
described, it will be understood by those having ordinary skill in the art that changes may 
10 be made to those embodiments without departing from the spirit and scope of the 
invention. 
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Claims 

We claim: 

1 1 . A method of sharing an object in a portal framework, the method comprising the 

2 steps of: 

3 storing a reference to the object in a first repository; and 

4 performing a first operation to store a duplicate of the reference to the object in a 

5 second repository; 

6 wherein the first operation is in accordance with a first privilege granted as 

7 defined by a permission. 

1 2. The method according to claim 1, wherein the reference to the object is for an 

2 object of a first site. 

1 3. The method according to claim 2, further comprising the step of performing a 

2 second operation to add the object to a second site. 

1 4. The method according to claim 3, further comprising the step of performing a 

2 third operation to remove the duplicate of the reference of the object from the second 

3 repository. 

1 5. The method according to claim 4, wherein the third operation further comprises 

2 the step of removing the object from the second site. 

1 6. The method according to claim 2, further comprising the step of providing access 

2 to the duplicate of the reference of the object in the second repository. 

1 7. The method according to claim 6, wherein the step of providing access is in 

2 accordance with a second privilege granted as defined by a permission for the second 

3 repository. 
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1 8. The method according to claim 7, further comprising the step of performing a 

2 second operation to store a second duplicate of the reference to the object in a third 

3 repository. 

1 9. The method according to claim 8, further comprising the step of performing a 

2 third operation to add the object to a second site. 

1 1 0. The method according to claim 9, further comprising the step of performing a 

2 fourth operation to remove the duplicate of the reference of the object from the second 

3 repository. 

1 11. The method according to claim 1 0, wherein the fourth operation further 

2 comprises the step of removing the object from the second site. 

1 12. The method according to claim 2, wherein the first operation further comprises 

2 the step of storing references to each child object of the object in the second repository. 

1 13. The method according to claim 2, wherein the first operation further comprises 

2 the step of excluding references to at least one child object of the object in the second 

3 repository. 

4 

1 14. A computer program product for sharing an object in a portal framework, the 

2 computer program product comprising: 

3 a computer readable medium; and 

4 computer program instructions, recorded on the computer readable medium, 

5 executable by a processor, for performing the steps of: 

6 storing a reference to the object in a first repository; and 
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7 performing a first operation to store a duplicate of the reference to the 

8 object in a second repository; 

9 wherein the first operation is in accordance with a first privilege granted as 
1 0 defined by a permission. 

1 15. The computer program product according to claim 14, wherein the reference to 

2 the object is for an object of a first site. 

1 16. The computer program product according to claim 1 5 , further comprising 

2 computer program instructions for performing the step of performing a second operation 

3 to add the object to a second site. 

1 17. The computer program product according to claim 16, further comprising 

2 computer program instructions for performing the step of performing a third operation to 

3 remove the duplicate of the reference of the object from the second repository. 

1 18. The computer program product according to claim 1 7, wherein the third operation 

2 further comprises the step of removing the object from the second site. 

1 19. The computer program product according to claim 15, further comprising 

2 computer program instructions for performing the step of providing access to the 

3 duplicate of the reference of the object in the second repository. 

1 20. The computer program product according to claim 19, wherein the step of 

2 providing access is in accordance with a second privilege granted as defined by a 

3 permission for the second repository. 
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1 21. The computer program product according to claim 20, further comprising 

2 computer program instructions for performing the step of performing a second operation 

3 to store a second duplicate of the reference to the object in a third repository. 

1 22. The computer program product according to claim 21 , further comprising 

2 computer program instructions for performing the step of performing a third operation to 

3 add the object to a second site. 

1 23. The computer program product according to claim 22, further comprising 

2 computer program instructions for performing the step of performing a fourth operation 

3 to remove the duplicate of reference of the object from the second repository. 

1 24. The computer program product according to claim 23, wherein the fourth 

2 operation further comprising the step of removing the object from the second site. 

1 25. The computer program product according to claim 15, wherein the first operation 

2 further comprises the step of storing references to each child object of the object in the 

3 second repository. 

1 26. The computer program product according to claim 15, wherein the first operation 

2 further comprises the step of excluding references to at least one child object of the 

3 object in the second repository. 

1 27. A system for sharing an object in a portal framework, the system comprising: 

2 a first repository operable to store a reference to the object; and 

3 a second repository operable to store a duplicate of the reference to the object in 

4 response to a first operation 

5 wherein the first operation is in accordance with a first privilege granted as 

6 defined by a permission. 
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1 28. The system according to claim 27, further comprising a first site operable to 

2 provide an object having to the reference to the object. 

1 29. The system according to claim 28, further comprising a second site operable to 

2 provide the object in response to a second operation. 

1 30. The system according to claim 29, wherein the duplicate of the reference of the 

2 object is removed from the second repository in response to a third operation. 

1 31. The system according to claim 30, wherein the object is removed from the second 

2 site in response to the third operation. 

1 32. The system according to claim 27, wherein access to the duplicate of the 

2 reference of the object in the second repository is provided. 

1 33. The system according to claim 32, wherein access is provided in accordance with 

2 a second privilege granted as defined by a permission for the second repository. 

1 34. The system according to claim 33, further comprising a third repository operable 

2 to store a second duplicate of the reference to the object in response to a second 

3 operation. 

1 35. The system according to claim 34, further comprising a second site operable to 

2 provide the object in response to the third operation. 

1 36. The system according to claim 35, wherein the second reference of the object is 

2 removed from the second repository in response to a fourth operation. 



46 



WO 03/025796 



PCT/US02/28226 



1 37. The system according to claim 36, wherein the object is removed from the second 

2 site in response to the fourth operation. 

1 38. The system according to claim 28, wherein the second repository is operable to 

2 store references to each child object of the object in response to the first operation. 

1 39. The system according to claim 28, wherein the second repository is operable to 

2 exclude storage of at least one child object of the object in the second repository in 

3 response to the first operation. 

4 40. A method of deploying components of a site between systems in a portal 

5 framework, the method comprising the steps of: 

6 storing assets of a component of a site designated for export as an export file; 

7 transferring the export file to a system at a remote location; and 

8 extracting the assets of the component from the export file to a plurality of 

9 location on the system at the remote location; 

10 wherein the assets include file assets and non-file assets configured to operate on 

1 1 the system at the remote location. 

1 41. The method according to claim 40, further comprising collecting the assets of the 

2 designated component. 

1 42. The method according to claim 41, further comprising querying a local system to 

2 identify the component designated for export. 

1 43. The method according to claim 41, wherein collecting the assets further 

2 comprises constructing the non-file assets as an extensible markup language fragment 

3 with a predetermined structure. 
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1 44. The method according to claim 43, lurther comprising parsing the extensible 

2 markup language fragment. 

1 45. The method according to claim 44, further comprising instantiating the non-file 

2 assets. 

1 46. The method according to claim 40, wherein the non-file assets include at least one 

2 of: a permissions object, a user preference object, a settings object, a menu object, and a 

3 user group object. 

1 47. A method of exporting components of a site to a system at a remote location in a 

2 portal framework, the method comprising the steps of: 

3 collecting assets of a component of a site designated for export as an export file; 

4 querying a local system to identify the component designated for export; and 

5 storing the assets of the designated component; 

6 wherein the assets include file assets and non-file assets configured to operate on 

7 the system at the remote location. 

1 48. The method according to claim 47, wherein collecting the assets further 

2 comprises constructing the non-file assets as an extensible markup language fragment 

3 with a predetermined structure. 

1 49. The method according to claim 47, further comprising transferring the export file 

2 to a system at the remote location. 



1 50. A method of importing components of a site to a system at a remote location in a 

2 portal framework, the method comprising the steps of: 

3 extracting assets of a component from an export file of an exported site; and 
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4 storing the assets of the component to a plurality of location on the system at the 

5 remote location; and 

6 wherein the assets include file assets and non-file assets configured to operate on 

7 the system at the remote location. 

1 51. The method according to claim 50, further comprising transferring the export file 

2 to the system at the remote location. 

1 52. The method according to claim 50, further comprising parsing an extensible 

2 markup language fragment including non-file assets. 

1 53. The method according to claim 50, further comprising instantiating the non-file 

2 assets. 

1 54. The method according to claim 50, wherein the non-file assets include at least one 

2 of: a permissions object, a user preference object, a settings object, a menu object, 

3 and a user group object. 

1 55. A computer program product for deploying components of a site between systems 

2 in a portal framework, the computer program product comprising: 

3 a computer readable medium; and 

4 computer program instructions, recorded on the computer readable medium, 

5 executable by a processor, for performing the steps of: 

6 storing assets of a component of a site designated for export as an export 

7 file; 

8 transferring the export file to a system at a remote location; and 

9 extracting the assets of the component from the export file to a plurality of 
10 location on the system at the remote location; 
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1 1 wherein the assets include file assets and non-file assets configured to operate on 

12 the system at the remote location. 

1 56. The computer program product according to claim 55, further comprising 

2 computer program instructions for performing the step of collecting the assets of the 

3 designated component. 

1 57. The computer program product according to claim 56, further comprising 

2 computer program instructions for performing the step of querying a local system to 

3 identify the component designated for export. 

1 58. The computer program product according to claim 56, wherein collecting the 

2 assets further comprises constructing the non-file assets as an extensible markup 

3 language fragment with a predetermined structure. 

1 59. The computer program product according to claim 58, further comprising 

2 computer program instructions for performing the step of parsing the extensible 

3 markup language fragment. 

1 60. The computer program product according to claim 59, further comprising 

2 computer program instructions for performing the step of instantiating the non-file 

3 assets. 

1 61 . The computer program product according to claim 55, wherein the non-file assets 

2 include at least one of: a permissions object, a user preference object, a settings 

3 object, a menu object, and a user group object. 

1 62. A computer program product for exporting components of a site to a system at a 

2 remote location in a portal framework, the computer program product comprising the 
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4 a computer readable medium; and 

5 computer program instructions, recorded on the computer readable medium, 

6 executable by a processor, for performing the steps of: 

7 collecting assets of a component of a site designated for export as an export file; 

8 querying a local system to identify the component designated for export; and 

9 storing the assets of the designated component; 

10 wherein the assets include file assets and non-file assets configured to operate on the 

1 1 system at the remote location. 

1 63. The computer program product according to claim 62, wherein collecting the 

2 assets further comprises constructing the non-file assets as an extensible markup 

3 language fragment with a predetermined structure. 

1 64. The computer program product according to claim 62, further comprising 

2 transferring the export file to a system at the remote location. 

1 65. A computer program product for importing components of a site to a system at a 

2 remote location in a portal framework, the computer program product comprising the 

3 steps of: 

4 a computer readable medium; and 

5 computer program instructions, recorded on the computer readable medium, 

6 executable by a processor, for performing the steps of: 

7 extracting assets of a component from an export file; and 

8 storing the assets of the component to a plurality of location on the system 

9 at the remote location; and 

10 wherein the assets include file assets and non-file assets configured to operate on 

1 1 the system at the remote location. 
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1 66. The computer program product according to claim 65, further comprising 

2 transferring the export file to the system at the remote location. 

1 67. The computer program product according to claim 65, further comprising 

2 instantiating the non-file assets. 

1 68. The computer program product according to claim 65, wherein the non-file assets 

2 include at least one of: a permissions object, a user preference object, a settings 

3 object, a menu object, and a user group object. 

1 69. A system for deploying components of a site between systems in a portal 

2 framework, the method comprising the steps of: 

3 a first deployment manager on a local system operable to export assets of a 

4 component of a site as an export file; 

5 a means for transferring the export file to a system at a remote location; and 

6 a second deployment manager on the system at the remote location operable 

7 import the assets of the component of the site from the export file to the system at the 

8 remote location; 

9 wherein the assets include file assets and non-file assets configured to operate on 
10 the system at the remote location. 

1 70. The system according to claim 69, wherein the first deployment manager further 

2 includes a first component module operable to collect the assets of the designated 

3 component. 

1 71. The system according to claim 70, wherein the first component module is further 

2 operable to query the local system to identify the component designated for export. 
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1 72. The system according to claim 70, wherein the first component module is further 

2 operable to store assets of the component for export as an export file. 

1 73. The system according to claim 70, wherein the first component module is further 

2 operable to construct the non-file assets as an extensible markup language fragment 

3 with a predetermined structure. 

1 74. The system according to claim 73, wherein the second deployment manager 

2 further includes a second component module operable to parse the extensible markup 

3 language fragment. 

1 75. The system according to claim 73, wherein the second component module is 

2 further operable to instantiate the non-file assets. 

1 76. The system according to claim 69, wherein the second component module is 

2 further operable to extract the assets of the component from the export file to a 

3 plurality of location on the system at the remote location. 

1 77. The system according to claim 69, wherein the non-file assets include at least one 

2 of: a permissions object, a user preference object, a settings object, a menu object, 

3 and a user group object. 

1 78. A system for exporting components of a site to a system at a remote location in a 

2 portal framework comprising: 

3 a component module operable to: 

4 collect the assets of a component of a site for export as an export file; 

5 query a local system to identify the component designated for export; 

6 construct at least some of the assets as an extensible markup language fragment 

7 with a predetermined structure; and 
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8 storing the assets of the designated component. 

1 79. The system according to claim 78, wherein the assets include file assets and non- 

2 file assets configured to operate on the system at a remote location. 

1 80. The method according to claim 78, further comprising means for transferring the 

2 export file to the system at the remote location. 

1 81. The system according to claim 78, where the at least some of the assets are non- 

2 file assets including at least one of: a permissions object, a user preference object, a 

3 settings object, a menu object, and a user group object. 

1 82. A system for importing components of a site from a system at a remote location 

2 in a portal framework comprising: 

3 a component module operable to: 

4 extract assets of a component from an export file; 

5 parse an extensible markup language fragment including at least some of the 

6 assets; 

7 instantiating the non-file assets; and 

8 store the assets of the component to on a local system. 

1 83. The system according to claim 82, wherein the assets include file assets and non- 

2 file assets configured to operate on the system at the remote location. 

1 84. The system according to claim 82, further comprising means for transferring the 

2 export file from the system at the remote location. 

3 
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1 85. The method according to claim 82, where the at least some of the assets are non- 

2 file assets including at least one of: a permissions object, a user preference object, a 

3 settings object, a menu object, and a user group object. 

4 

1 86. A portal management framework for performing administration on a portal server 

2 framework on a computer network, comprising: 

3 a first console class configured to instantiate a first console object operable to: 

4 perform a first administration operation to instantiate a set of site objects; 

5 and 

6 perform a second administration operation to instantiate a first set of 

7 permission objects, each permission object in the first set of permission 

8 objects defining a first set of users having access to, and first set of 

9 administrative privileges associated with, a site object in the set of site 

10 objects; 

1 1 whereby, upon installation on the computer network, the class is 

12 executable by a processor on the network. 
13 

1 87. The framework according to claim 86, wherein access to the first console object 

2 is in accordance with a second set of administrative privileges granted to a second set 

3 of users defined by a first console permission object. 

4 

1 88. The framework according to claim 86, wherein the first console object is operable 

2 to perform a third administration operation to map each site object in the set of site 

3 objects to at least one of: a domain name server (DNS) and a uniform resource 

4 locator (URL). 

5 

1 89. The framework according to claim 86, wherein the first console object is operable 

2 to perform a third administration operation on each object in a collection of objects 

3 available to the set of site objects. . 

4 
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1 90. The framework according to claim 86, wherein the first set of administrative 

2 privileges includes permission to instantiate a second set of permission objects. 

3 

1 91 . The framework according to claim 90, wherein each permission object in the 

2 second set of permission objects defines a second set of users having access to, and a 

3 second set of administrative privileges associated with, a site object in the set of site 

4 objects. 

5 

1 92. The Framework according to claim 91, wherein the second set of administrative 

2 privileges includes performing a third administration operation to instantiate a child- 

3 site object to the site object in the set of site objects. 

4 

1 93. The Framework according to claim 92, further comprising a second console class 

2 configured to instantiate a second console object operable to perform the third 

3 administration operation. 

4 

1 94. The Framework according to claim 93, wherein the second set of administrative 

2 privileges includes accessing the second console object. 

3 

1 95. The Framework according to claim 91, wherein the second set of administrative 

2 privileges includes performing a third administration operation to instantiate a third 

3 permission object defining a third set of users having access to, and third set of 

4 administrative privileges associated with, a site object in the set of site objects. 

5 

1 96. The Framework according to claim 95, further comprising a second console class 

2 configured to instantiate a second console object operable to perform the third 

3 administration operation. 

4 

1 97. The Framework according to claim 96, wherein the second set of administrative 

2 privileges includes accessing the second console object. 
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3 

1 98. A method of performing administration on a portal server framework on a 

2 computer network, comprising: 

3 providing a first console class configured to instantiate a first console object 

4 operable to: 

5 perform a first administration operation to instantiate a set of site objects; 

6 and 

7 perform a second administration operation to instantiate a first set of 

8 permission objects, each permission object in the first set of permission objects 

9 defining a first set of users having access to, and first set of administrative 

10 privileges associated with, a site object in the set of site objects; 

1 1 whereby, upon installation on the computer network, the class is executable by a 

1 2 processor on the network. 
13 

1 99. The method according to claim 98, wherein access to the first console object is in 

2 accordance with a second set of administrative privileges granted to a second set of 

3 users defined by a first console permission object. 

4 

1 100. The method according to claim 98, wherein the first console object is operable to 

2 perform a third administration operation to map each site object in the set of site 

3 objects to at least one of: a domain name server (DNS) and a uniform resource 

4 locator (URL). 

5 

1 101 . The method according to claim 98, wherein the first console object is operable to 

2 perform a third administration operation on each object in a collection of objects 

3 available to the set of site objects. 

4 

1 102. The method according to claim 98, wherein the first set of administrative 

2 privileges includes permission to instantiate a second set of permission objects. 

3 
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1 1 03 . The method according to claim 1 02, wherein each permission object in the 

2 second set of permission objects defines a second set of users having access to, and a 

3 second set of administrative privileges associated with, a site object in the set of site 

4 objects. 

5 

1 104. The method according to claim 103, wherein the second set of administrative 

2 privileges includes performing a third administration operation to instantiate a child- 

3 site object to the site object in the set of site objects. 

4 

1 105. The method according to claim 104, further comprising providing a second 

2 console class configured to instantiate a second console object operable to perform 

3 the third administration operation. 

4 

1 1 06. The method according to claim 105, wherein the second set of administrative 

2 privileges includes accessing the second console object. 

3 

1 107. The method according to claim 103, wherein the second set of administrative 

2 privileges includes performing a third administration operation to instantiate a third 

3 permission object defining a third set of users having access to, and third set of 

4 administrative privileges associated with, a site object in the set of site objects. 

5 

1 108. The method according to claim 107, further comprising providing a second 

2 console class configured to instantiate a second console object operable to perform 

3 the third administration operation. 

4 

1 1 09. The method according to claim 1 08, wherein the second set of administrative 

2 privileges includes accessing the second console object. 

3 

1 110. A computer program product for performing administration on a portal server 
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3 a computer readable medium; and 

4 computer program instructions, recorded on the computer readable medium, 

5 executable by a processor, for performing the steps of: 

6 providing a first console class configured to instantiate a first console 

7 object operable to: 

8 perform a first administration operation to instantiate a set of site 

9 objects; and 

1 0 perform a second administration operation to instantiate a first set 

11 of 

12 permission objects, each permission object in the first set of permission objects 

13 defining a first set of users having access to, and first set of administrative 

14 privileges associated with, a site object in the set of site objects; 

15 whereby, upon installation on the computer network, the class is executable by a 

16 processor on the network. 
17 

1 111. The method according to claim 1 10, wherein access to the first console object is 

2 in accordance with a second set of administrative privileges granted to a second set of 

3 users defined by a first console permission object. 

4 

1 112. The computer program product according to claim 1 1 0, wherein the first console 

2 object is operable to perform a third administration operation to map each site object 

3 in the set of site objects to at least one of: a domain name server (DNS) and a uniform 

4 resource locator (URL). 

5 

1 113. The computer program product according to claim 1 1 0, wherein the first console 

2 object is operable to perform a third administration operation on each object in a 

3 collection of objects available to the set of site objects. 

4 

1 114. The computer program product according to claim 1 10, wherein the first set of 

2 administrative privileges includes permission to instantiate a second set of permission 

3 objects. 
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4 

1 115. The computer program product according to claim 1 14, wherein each permission 

2 object in the second set of permission objects defines a second set of users having 

3 access to, and a second set of administrative privileges associated with, a site object 

4 in the set of site objects. 

5 

1 116. The computer program product according to claim 1 1 5, wherein the second set of 

2 administrative privileges includes performing a third administration operation to 

3 instantiate a child-site object to the site object in the set of site objects. 

4 

1 117. The computer program product according to claim 116, further comprising 

2 computer program instructions for performing the steps of providing a second 

3 console class configured to instantiate a second console object operable to perform 

4 the third administration operation. 

5 

1 118. The computer program product according to claim 117, wherein the second set of 

2 administrative privileges includes accessing the second console object. 

3 

1 119. The computer program product according to claim 115, wherein the second set of 

2 administrative privileges includes performing a third administration operation to 

3 instantiate a third permission object defining a third set of users having access to, and 

4 third set of administrative privileges associated with, a site object in the set of site 

5 objects. 

6 

1 120. The computer program product according to claim 1 1 9, further comprising 

2 computer program instructions for performing the step of providing a second console 

3 class configured to instantiate a second console object operable to perform the third 

4 administration operation. 

5 
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1 121 . The computer program product according to claim 120, wherein the second set ol 

2 administrative privileges includes accessing the second console object. 
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